The NSA to Release a Free Software Reverse Engineering Toolkit

The US’s National Security Agency (NSA) is releasing a software reverse engineering tool for free public use in March, in an unusual step – although the tool had already been leaked by Wikileaks as part of its Vault 7 batch of CIA leaks.

Dubbed GHIDRA and understood to have been in use internally at the NSA for over a decade, it will be publicly demonstrated – and made freely available – for the first time on March 5 at the RSAC 2019 conference by senior NSA advisor Robert Joyce.

NSA GHIDRA Release

GHIDRA, like commercially available reverse engineering tool IDA Pro and its open source alternative FRIDA, allows developers and researchers to “hook” into black box proprietary software.

Such tools can be used for code analysis, debugging, neutralising of malware, or simply adding functionalities to proprietary software.

IDA Pro author Ilfak Guilfanov told Computer Business Review: “The more tools to analyse binary files, the better. We spent decades to improve our tools and I’m curious to see what GHIDRA will bring to the public.”

The release will happen in a session at the conference in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”

The session note says the tool provides “an interactive GUI capability [that] enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets.”

It adds: “The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed.”

Spoiler – it's a lot like IDA except slower (written in Java), its best feature is an architecture-agnostic C decompiler (uses a p-code translation layer) – not sure how many architectures the open source release will support. I have a bunch of friends that use it.

Computer Business Review has contacted the NSA for further comment on the reasoning behind the release of the tool, which appears to be tasked for quick analysis.

One security researcher, Markus Vervier, described the release to us as a marketing exercise: “I doubt it’s backdoored; it looks like a marketing exercise. They’re just trying to get something good out of a bad thing that happened to them…”

Announcement of the release comes as ex-NSA contractor Harold T. Martin III, accused of taking thousands of top secret documents home over two decades, decided to plead guilty later this month to a single charge that could carry a ten-year sentence.